There’s no question that security continues to be an important aspect in businesses today. However, it often seems that it’s a moving target as technology evolves and as cyber threats become more advanced. Having a strong password policy may seem like a no-brainer, but user credentials are primarily what hackers are looking to exploit. This is where Multi-Factor Authentication comes into play as an added layer of protection.
Reasons for Password Compromise
At the end of the day, human error accounts for the large majority of the reasons companies succumb to cyber threats. Phishing is still very prominent and is one of the most common methods used to obtain confidential or financial information. According to Verizon’s 2018 Data Breach Investigations Report, 78% of people don’t click on a single phishing campaign all year. However, an average of 4% will click. At first glance, the stats suggest that most people know when not to click on an illegitimate email. But it only takes 1 person clicking a malicious link to potentially put an entire corporation’s data at risk.
A very common phishing attack mimics a Microsoft Office 365 password reset. A seemingly legitimate email is delivered to the recipient requesting that they reset their password. If the recipient follows the request and enters their password, the hacker then has “legitimate” access to the mailbox, where a number of issues can unfold. A user with Multi-Factor Authentication can monitor which devices are accessing their email account, thereby increasing security and peace of mind.
What is Multi-Factor Authentication?
The idea behind multi-factor authentication (MFA) is to require 2 or more authentication methods before access is granted. Having a complex password is very important, as a password provides the key to data. MFA provides another layer of security. Cisco indicates that MFA validates a person’s identity in one of three ways: something you know, something you have, or something you are.
- “Something You Know” refers to a password. About 81% of data breaches occur due to stolen and/or weak passwords. This is why MFA strengthens security through multiple levels of verification before granting access.
- “Something You Own” refers to a device. In most cases, this is a mobile device. Upon entering a password, the user will be prompted to approve or deny access, whether through an email, a text message, or a push notification. Access is not granted without having “ownership” of the device to which this notification is sent.
- “Something You Are” refers to biometric access such as a fingerprint or facial recognition.